In college I started blogging and did so for quite a few years using Windows Live Spaces as my host. Unfortunately, Windows Live Spaces was shut down and they suggested that people move to WordPress as an alternate host.

I got part of the way through this process, but didn’t like the amount of customization available, so I made resurrection of my blog a low priority.

A few things have changed since then though, mainly my thinking on the use of social networking and who owns the content provided. I’ve generated content for quite some time on Facebook and more recently Google+. It’s my impression, from reading their terms of service, that they believe that they own original content created by you within their services.

So this blog will be my attempt at retaining a little control in that regard – and I can use my own Google AdSense instead of letting Facebook sell ads to view my content.

I’ll still be posting links to my posts along with snippets – so my friends on the various social networks will see the same traffic as usual where shorter posts are concerned, but for the more in-depth discussions, I’ll be posting them here.

Also, from time to time I encounter a technical issue that I feel is poorly documented on the Internet. I’ll be making note of those here as well in hopes that when I (or others) encounter the same issue in the future it will at least be a starting point for getting to the solution.

That said, it’s nice to have a home for my public thoughts again and I hope people don’t mind clicking away from their favorite social networks to read my stuff.

I wonder if musicians would be so adamant about royalties for replaying a creative performance if they were charged royalties every time they used software, essentially replaying the creative performances of orchestras of programmers and engineers – ceaselessly, inescapably.

You can turn off a radio – but you can’t turn off the droning background hum of technological innovation.

In fact, in such a world, musicians would need to pay royalties to record, distribute, or even listen to their own music. The funny thing is, that in a free market – this is EXACTLY what happens – except the royalties are paid up-front and bundled as part of the price of software and devices. The only cases where engineers get “royalties” of their creative performances is in the world of patents.

Both are protectionist – and both set their fields back immeasurably to bolster the absurd notion that one should be rewarded perpetually for a single good performance.

Import with Internet Explorer 7 & Internet Explorer 8

Update Email Client Settings

When replacing an expired certificate in Windows Live Mail, users will need to select the new certificate to be used for signed and encrypted emails. Otherwise the following message will appear:

Security Warning

Your digital ID for this account has expired

Windows Live Mail has found several valid digital IDs on your computer. Would you like to choose which digital ID to use when sending digitally signed mail from this account?

[Send Without Signing] [ Cancel ]

Oddly, neither of the options takes you to where the digital ID can be selected.

I’m finishing my Engineering degree (9 months remaining) and without time for a job, I need to save as much money as possible. One way to do this is to park my SUV in the garage and ride a Segway to school.

The commute would be about 4.6 miles one-way and would take 47 minutes. The maximum range of a Segway i2 is about 24 miles, so I should be able to recharge it at home each night. I’d have COTA bus service as a backup (1 hour ride, 1 route transfer to go 4.6 miles) during inclement weather.

I expect to save about $1,500/yr. with this plan – which is quite a bit less than the cost of a new Segway (around $4000) plus operating costs. I don’t have the money lying around to attempt this, and I’d rather not go into debt for this project, so my hope is to raise enough money from folks that feel strong enough about the environment to get an SUV off the road. Clearly, the savings alone are insufficient to fund it.

I’ll be updating this page with photos and fundraising milestones. My initial goal was to raise enough funding to ride a Segway to school on the first day of class (September 22, 2004). I’ve heard a lot of folks concerned about “Global Warming” since Al Gore’s movie was released, but I’m not convinced that people are worried enough to do anything about it (like donate to small projects like this).

If you’ve ever wanted to have one less “gas guzzling” SUV on the road or have one more available parking space, now is your chance. Even if you can only afford to give one dollar.

Even if you can’t afford to donate a single dollar, hopefully you will at least tell a few people about this page – maybe blog about it, digg it, or put a link in your email or newsgroup signature – it would be greatly appreciated.

PROJECT COMMENTS

“That’s a very cool idea. I hope you gather lots of donations.” – SUV Backlash

Q&A

Q: Why not ride a bike?

A: Quite a few students ride bikes to campus. Often their commute is only a few city blocks. City code requires that all bikes be ridden in the street, though I know this to be an unsafe practice. Bikes on campus are not permitted indoors and are frequently stolen and vandalized. I’ve been told I could store and recharge a Segway in the office of a friend.

Q: Why not ride the bus?

A: The bus is indeed a backup, but it does not run at all hours or to my residence. Taking the bus would require a time-consuming trip downtown, then back up to campus. The bus also does not run on my street during the better part of the day. Finally, the most efficient route requires a transfer in one of my city’s most dangerous neighborhoods. I’ve already been the victim of a violent attempted robbery once; that’s why I’d like to take a different approach.

NOTE: The donation process should allow comments. I may post a few of them here. If you wish to make a comment, why not donate a few bucks? I will obtain permission from donors before posting comments.

People/organizations donating $100 or more are eligible to receive mention on this page along with a link.

Donations of $500 or more are eligible to receive mention on this page along with a link and logo.

Introduction

This document was created based on about five years of using S/MIME digital signatures and encryption in my day-to-day activities. It will serve as a primer for anyone who wishes to ensure the integrity of their online communications. I will focus on two free digital ID providers, how to get started, my experiences in participating in Thawte’s “Web of Trust”, and some drawbacks encountered with using S/MIME as well. I will also discuss S/MIME security, and compare S/MIME to some other email signing and encryption technologies in wide use today.

Overview

S/MIME (short for “Secure/MIME”) is a version of the MIME protocol that supports encryption of email messages and their contents by way of RSA’s public-key encryption technology. S/MIME was created in 1995 by a group of software vendors to prevent interception and forgery of e-mail, and since it builds on the existing MIME protocol standard, it can be easily integrated into existing e-mail and messaging products. Since S/MIME was based on existing widely supported standards, it is likely to continue to be widely implemented across a variety of operating systems and e-mail clients. For this reason, it is possible for a Windows operating system user with the Outlook email client to send a secure, digitally signed email to a Unix operating system user with the Netscape Messenger email client (for example) without installing any additional software.

Getting Started

To start using S/MIME, you’ll need to start by obtaining an email client that supports S/MIME. Since most people seem to use Outlook and Outlook Express, I will focus on these two email clients on the Windows operating system. I have also successfully configured and used S/MIME with the Netscape Messenger (part of Netscape Communicator) email client while using the Solaris operating system. Once you have installed your email client, you are ready to select a digital ID provider.

Free Digital ID Providers

InstantSSL

Thawte

Since I have been using a Thawte digital ID for over a year now, I will focus on configuring S/MIME using a Thawte ID and add detailed instructions for using an InstantSSL ID later.

Certificates issued by Thawte say “Thawte Freemail Member” when opened, but by participating in the Thawte Web Of Trust (WOT), users can have their name added to their digital ID and included in their certificates for added trust and security. To do this, Thawte uses a system of points to establish trust. The points are on a scale of 0 to 100 and are obtained by seeking out Thawte Notaries who will confirm your identity and issue points to you via the Thawte website. Once a user obtains 50 points, new certificates issued are signed with their name. By continuing the process, a Thawte ID holder can become trusted enough to notarize ID’s themselves. To achieve notary status, a user must be verified by no fewer than three Thawte Notaries.

Obtaining Your Thawte ID

To request a Thawte ID, you will need to have a government issued photo ID or Passport. Your government has verified your identity, and the Thawte WOT will build on that. Each time you have your digital ID notarized, you will need to display your government issued photo ID so that the notary can compare your appearance to the photo on the ID and also examine the ID so they are reasonably certain that the photo ID is legitimate. The person requesting the digital ID must also be at least 13 years old.

To set up your digital ID, start by visiting the Thawte website at the following address:

Provide your Surname, Given Name, Date of Birth, and Nationality, then click “next”.

Provide your national identification card number in the field provided, and select the type of identification. Finally, enter your email address. The email address you provide will serve as your Thawte username. Click “next”.

After reading about phone numbers, enter a telephone number where you can be reached in the event that you lose your password. Move on to read about question and answer pairs (used for retrieving forgotten passwords), fill out your answers, and click “next”.

Confirm your enrollment information, and click “next”.

To complete the process, you will need to follow the instructions sent to you via email by Thawte.

Requesting Thawte Certificates

After creating your Thawte ID, you are ready to request a certificate. This certificate stems from your original Thawte ID, but is unique and applies only to one email address, on one email client, on one computer.

In some browsers, you will now see a warning that the web site is requesting a new certificate for you – since this is to be expected, approve the request. In Internet Explorer, you can do so by clicking “Yes”.

You will see a pop-up window with a button labeled “Set Security Level…”, click this button and select the “High” security level. Setting to High requires a password each time the certificate is used. Click the “Next >” button.

NOTE: The default is low/medium security. By setting the security level of your certificate to “high”, you will be required to type your password every time an email is encrypted or signed (after you get used to this, it really isn’t as annoying as it might seem – and it has saved me a few times from accidentally sending unfinished emails).

Now you must create a password for this certificate and type it into the provided Password field. You will need to retype it in the Confirm field to ensure that you have typed the password correctly.

Click the “Finish” button.

Next click the “OK” button.

Finally click “finish”.

Click “next” to return to the Certificate Manager page.

Thawte will email you once your cert is ready for download (it usually takes only a few minutes).

Installing Thawte Certificates

The email should explain where to download it. Essentially you go to the Thawte web site (“View Certificate Status” under the “Certificates” menu when logged in – if you get lost) and click a link. A message box appears and says it’s installing the cert.

Go into your mail client and compose an email. If you are using Outlook, you can set the message security in the message options (there is a button when composing). If you’re using Outlook Express, it’s in the Tools menu. You should be able to send me a signed and encrypted message right off the bat.

Configuring Your Mail Client

You may wish to make some small changes to your email client for a better S/MIME experience.

Outlook XP/2003

Signing All Outbound Messages

Tools > Options…

Click the “Security” tab.

Check the “Add digital signature to outgoing messages” checkbox.

Also check the “Send clear text signed message when sending signed messages”.

Back-up your Certificates

Click the “Import/Export…” button.

Select the “Export your Digital ID to a file” radio button.

Click the “Select…” button.

Choose the Certificates you wish to export from the list, then click the “OK” button.

In the “Filename” field, type a filename for your exported certificate.

To protect your exported certificates, enter a password and confirm.

Click the “OK” button again.

You will need to enter the password for your certificate at this time and click “OK” (do not check the “Remember password” checkbox – this will defeat the “High” level of security on your certificate).

Click the “OK” button.

Adding Buttons (Turn off Word as Editor)

Go to Tools > Options > Mail Format (Tab)

Uncheck “Use Word to edit email messages”

Click “OK”

Create a new email message…

Right-click on the toolbar and click “Customize”

Select the “Commands” tab, and select the “Standard” category of commands.

In the “Commands:” window, you will see two buttons near the bottom.

One is an envelope with a red seal, the other is an envelope with a blue lock.

Drag each of these into your toolbar (to a place you like – I put mine just before the “Options” button).

Click “Close”.

You should now have two buttons on your toolbar.

Sending Signed Email by Default

Go to Tools > Options > Security (Tab)

Check “Add digital signature to outgoing messages”

Check “Send clear text signed message when sending signed messages”

(NOTE: If you do not send messages as cleartext signed, users without an S/MIME supporting email client will be unable to read them – they will look like an encrypted email message.)

Click “OK”
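The difference the NOTE above describes is visible in the MIME structure of the message. This added example (not part of the original article) uses Python's standard `email` package to classify a message as clear-signed, opaque-signed or encrypted and to return the text a client without S/MIME support could still display; the sample messages and the placeholder base64 blob are constructed for illustration.

```python
from email import message_from_string

PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def first_text(msg):
    """Return the first text/plain body any mail client could show, or None."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload(decode=True).decode("utf-8", "replace").strip()
    return None

def classify(raw):
    """Return (kind, text readable without S/MIME support)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    # Clear-signed: the body is an ordinary MIME part, the signature a second part.
    if ctype == "multipart/signed" and str(msg.get_param("protocol", "")).lower() in PKCS7_SIG:
        return "clear-signed", first_text(msg)
    # Opaque-signed or encrypted: the body lives inside the PKCS#7 blob.
    if ctype in PKCS7_MIME:
        kinds = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}
        return kinds.get(str(msg.get_param("smime-type", "")).lower(), "pkcs7-other"), None
    return "unsigned", first_text(msg)

# Constructed samples; the base64 blob is a placeholder, not a real PKCS#7 object.
CLEAR_SIGNED = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Lunch at noon?
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
--b1--
"""

OPAQUE = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type={kind}; name="smime.p7m"
Content-Transfer-Encoding: base64

Q09OU1RSVUNURUQ=
"""

if __name__ == "__main__":
    for raw in (CLEAR_SIGNED, OPAQUE.format(kind="signed-data"), OPAQUE.format(kind="enveloped-data")):
        print(classify(raw))
```

Only the clear-signed message yields readable text; the opaque-signed one is indistinguishable from an encrypted message to a client that cannot parse PKCS#7.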

Outlook Express

When a user sends their new cert after their old cert expires, you need to open their contact, go to “Digital ID’s” and set their new cert as default – otherwise the old cert will be used.

Drawbacks / Known Issues

Inexperienced Users

Some people are Internet novices – yet they still have an S/MIME compliant email client. Most clients make it easy to reply to signed and encrypted emails by setting the reply message to be signed or encrypted by default.

If you try to reply by way of a signed message, even though you don’t have a digital ID you’ll probably get a warning that you can’t send digitally signed messages.

In Outlook Express, the message is as follows:

Outlook Express Mail
“You cannot send digitally signed messages because you do not have a digital ID for this account.”
[Get Digital ID] [Cancel]

Some users will interpret this as “An Error Message” and that they “Cannot reply to your emails”. If they use Outlook Express, they can reply to your message as they normally would, but first they must go to “Tools” in the File menu and uncheck the “Digitally Sign” option for the reply email.

Outlook Express

No Support for Certs with Multiple Email Addresses: Normally, users would only need one certificate for each email client/computer combination – but due to a problem with the way Outlook Express interprets digital ID’s, it is best to create a new one for each email address as well for maximum compatibility.

Limited support for posting signed messages in NNTP Newsgroups

Netscape Communicator

I had trouble with different versions of Communicator fighting each other in the CIS Solaris environment. The net result was that digital ID’s worked in the email client version I configured first, but after upgrading to a newer version, it stopped working.

Web-based Email

No Support for most web based email clients – but S/MIME email IS supported in the latest version of Outlook Web Access.

I found the solution though:

A new window titled “Change Security Settings” will open

In the “Certificates and Algorithms” section, at the “Signing Certificate:” field, click the “Choose…” button

Select the appropriate certificate

At the “Encryption Certificate:” field, click the “Choose…” button

Select the appropriate certificate

People seemed to love using Weeplayer since the footprint is so small. It was originally designed for people running high resolutions, but for people on computers running at very low resolutions I wanted to offer Microplayer; something smaller that would even keep out of the way, yet “always on top” at lower resolutions as well.

Windows Media Player Skin Downloads

Microplayer

Microplayer is the second skin I have made – based largely on feedback I received from users of the original Weeplayer. Microplayer is designed to reside in the title bar of a maximized window near the upper-right corner of your screen.

Weeplayer

Weeplayer is the first WMP skin I made. I spent a few hours one weekend reading the WMP SDK and figuring out how things worked. The rest was surprisingly easy. Weeplayer is designed for users who have high-resolution video cards. It has a large “Play/Pause” button so that it’s easy to control music and audio streams even though the interface is so small.